QNX-Powered Jeep Hacked on the Highway

With more and more things being connected to the Internet, wireless security will become more and more paramount in areas we previously didn’t need it. The automobile industry is a huge part of the new Internet of Things, and hackers are undoubtedly looking at all possible ways of controlling everything they can. To illustrate how dangerous this could potentially be, WIRED got together with Charlie Miller and Chris Valasek, two hackers that found an exploit in the latest Jeep Cherokee.

The whole report – which you should definitely check out here – is pretty scary. These hackers had almost full control of the car at one point. They didn’t modify the Jeep in any way, and didn’t connect any hardware to be able to access its controls. Everything was done wirelessly, miles away. As WIRED notes, “All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone.”

ADVERTISEMENT

This particular vulnerability was found through Chrysler’s Uconnect infotainment system. This system, which is laid over QNX, controls the car’s entertainment and navigation, enables phone calls and can even offer a Wi-Fi hot spot. Miller and Valasek won’t identify which specific element of Uconnect was vulnerable for now.

Chrysler has been alerted to the exploit and will be issuing software patches to fix it.

*UPDATE* – Charlie Miller, the lead security researcher who discovered the UConnect vulnerability has clarified, along with BlackBerry, that the vulnerability “doesn’t have anything to do with QNX security.”

Comments

Could we tone back the FUD headlines? I mean seriously.. nobody knows if the security issues were within Uconnect or within the version Of QNX running on Jeep automobiles so to throw out that headline is just sad. Is it factually wrong? No.. but it does lend to the perception that QNX was hacked. SMFH

Andy®Z30

I agree with you, @mnhockeycoach. The vulnerability may have come via the Sprint network which the vehicle’s mobile hotspot uses.

Lucas Atkins

Unfortunately, it appears that QNX allowed access to the chip. BlackBerry certainly needs to evaluate that matter.

mnhockeycoach

But I have yet to read anything confirming this.. nor has BlackBerry make a public statement about it so I stand by my original comment.

ATInsider.

This hacking was a fabricated scenario to show you how easy it Is to hack a connected automobile. In this case, QNX was picked on.

I am no liking the MASSIVE STUTTERING and Slow Down on this site COMMENTS SECTION. Its messing up the BB10 keyboard’s Auto correct. This sucks.

Lucas Atkins

Haven’t experienced this, but will investigate.

Storm Foreman

Hey Lucas and JT, where is the follow-up on this article stating that QNX was NOT hacked, and Blackberry’s technology was not the vulnerability? Just in case you need another story to re-post instead of doing any journalism on your own end, here you go: http://crackberry.com/qnx-neutrino-os-far-hack.